...
Tuesday, 01 January 2019
Only race cars should burnout.
Brett Shavers
This week, @taosecurity (Richard Bejtlich) wrote an important blog post on managing burnout ( Mana...
Sunday, 23 December 2018
Break dancing does not increase officer safety.
Brett Shavers
Call me paranoid. It’s okay. I’ve been called worse. Nothing I am saying in this post will harm offi...
Wednesday, 19 December 2018
What is the best way to get to Spokane from Seattle?
Brett Shavers
Stand by, here comes my opinion on forensic tools (software and hardware). I tend to prefer having th...
Saturday, 15 December 2018
Digital Forensics is Really Easy
Brett Shavers
The mechanics of digital forensics (and its related cousin, incident response) are fairly easy. A co...
Wednesday, 28 November 2018
On ransomware, my advice is different from that other guy's advice.
Brett Shavers
For engagements where my clients ask for help in preparing for a ransomware attack, the most asked q...
Wednesday, 21 November 2018
Don’t totally discount attribution in Incident Response work
Brett Shavers
I’m big on attribution in crimes. It is my personality and attitude, which you can probably tell fro...
Monday, 19 November 2018
What is this thing called "Patreon?"
Brett Shavers
Some have found a Patreon page that I created for the DFIR Training website ( http://www.patreon.com...
Monday, 29 October 2018
The Biggest, Baddest X-Ways Forensics Cheat Sheet ever
Brett Shavers
The short version: Support DFIR Training on Patreon and get this X-Ways Cheats ebook for free! The l...
Saturday, 27 October 2018
#DFIR Traveling Isn’t
Brett Shavers
For those working in DFIR, there are some who don’t travel, some who travel a lot, and some wh...
Saturday, 29 September 2018
Patreon at DFIR Training
Brett Shavers
If you haven’t seen yet, I started a Patreon page for DFIR Training (www.dfir.training). I’ve...
Tuesday, 18 September 2018
Brett's blog
Posts List
WinFE and Triage
MobaLiveCD
WinBuilder Revisited
Do you wanna be a beta tester for WinFE?
Updated video and other things
Portable Internet Evidence Finder and WinFE
It's time to build your WinFE!
But does it do Mac?
WinFE Demo Online
OSForensics
Triage Notes and WinFE
How easy (or difficult) is it to build a WinFE with WinBuilder?
Friendly reminders are always nice
Sharing the love with WinFE
An update to a long awaited project
Building your WinFE Update
Colin's Write Protect Application
WinFE Script Updated
For those that still haven't tried WinFE....
Winbuilder Tutorial
WinFE "Lite"
Creating a VMware Virtual Machine from a Raw Image File
How many users of WinFE?
Getting Ready for a Shadow Volume Exam
Adding Our Target System to Our SEAT Workstation
"Remote" Collections with WinFE, a neat trick
Mounting Shadow Volumes
A little reminder about 'write protection'
Colin's Final Version of his write protect application
X-Ways Forensics Practitioner's Guide is coming!
Windows 8 and WinFE
Getting a Quick Look at Shadow Volumes
RAIDs & Virtual Machines
WinFE Presentation
WinFE updated
Build questions
2012 in review
2012 in review
WinFE Presentation in Seattle
X-Ways Forensics Install Manager
Chapter 3 is in tech review!
CTIN 2013 Presentation
Talking about XWF in the CTIN Digital Forensics Conference
Chapter 6 is wrapping up!
Placing the Suspect Behind the Keyboard - NEW BOOK!
X-Tensions, what would you like to see it do?
XWFIM updated
Coming soon...X-Ways Forensics Report Tweaker, or XWFRT for short
XWFRT now available
XWFRT 0.0.4.6 released
XWFRT and XWFIM updated
XWFIM goes International!
XWFRT updated to 0.4.8
Table of contents updated!
Case Studies with X-Ways
WinFE and UEFI Secure Boot!
Starting the last chapter!
Starting the last chapter!
Multiple File Finder X-Tension for X-Ways Forensics
Case Studies
XWFIM updated
Take the XWF class or buy the book?
Is WinFE still being used?
Writing is done!
About those case studies.....
The bar is now closed...
"This book is going to be great!"
XWFIM version 0.0.5.4 released
Hitler rants about Encase training policies - Downfall parody
Running Autopsy 3 Digital Forensics Platform on WinFE Lite for Triage Forensics
XWF Practitioner's Guide Date Change
A great interview with Author Eric Zimmerman.
Making the build even easier
A few more days...
Now this is good.
Another free tool for X-Ways, from Magnet Forensics
40% Discount off the X-Ways Forensics Practitioner's Guide
Some bad news and some good news on the XWF Guide...
Temporary 40% discount on a book I wrote
Last day for the 40% discount on the XWF Guide!
The XWF Guide discount ship has sailed
The X-Ways Forensics Practitioners Guide is available in Kindle!
Book stuff
Guess I'm not the only one with a Kindle...
Elsevier SciTechConnect
The XWF Guide aka, "going like hot cakes"
Positive Feedback
Want a free and signed copy of the XWF Guide? It's yours!
XWF Guide Review by Ken Pryor
Another short-run sale
XWF Guide as #2 best seller (in Forensic Science) on Amazon
Clean up on aisle 7...
X-Ways Users Conference
Cool. Download the XWF Guide to your iPad, iPhone, iTouch, or iPod
Hindsight is 20-20
Creating distributable test images
Best publicly available testing of WinFE I've seen to date
Another discount on the XWF Guide at $37.96
Updated link on the Mistype project
Mini-WinFE
X-Ways Forensics and WinFE
Mini-WinFE is out of beta!
Quick video on building a Mini-WinFE
WinFE article in eForensics Magazine
Imaging with X-Ways Forensics
Cloud Storage Forensics and XWF
Something else cool about XWF
A very kind review of Placing the Suspect Behind the Keyboard
X-PERT Certification Program
CyberCrime 2013 Symposium
XWF Guide translations
X-Ways Forensics Imaging Article
X-Ways Forensics Install Manager
Cool update to the XWFIM, Portable Install
Integrated Scripts to WinFE
Thesis on WinFE, shared by Alex Van Ginkel
Cloud Storage Forensics book review
Cloud Storage Forensics
Natural Progression for New Users of WinFE
More WinFE work and research!
Windows Forensic Analysis, Fourth Edition
WFA/4e
No surprise. XWF does something other tools don't
WinFE has some street cred with the Scientific Working Group on Digital Evidence
Hacking Exposed - Daily Blog #242, How to build WinFE to add to the Multiboot thumbdrive
Another reason to use, try, or at least just learn about XWF
A gathering of the X-Ways users in Australia
From Hacking Exposed: Adding the WinFE Image to the Multiboot Thumbdrive Image (Video)
WinFE (and of course, XWF)
Not X-Ways, but of interest to Encase users
Network Investigation & Digital Triage by SEARCH.org
Hey look! Now there is a book on FTK.
"Placing the Suspect Behind the Keyboard" discount code
Humbled and honored
Vote for your favorite book.
Vote for your favorite book
Book Review: Windows Forensic Analysis Toolkit, 4th Edition
WinFE Success Story
Free Course Materials - Placing the Suspect Behind the Keyboard
Mini-WinFE Updated
www.reboot.pro discussion | DMDE - Basic Disk Imaging Test (and results)
Suggestions for a WinFE Imaging Tool Based on Clonedisk?
"Based upon the test results it is possible to run all versions of WinPE on a system with only 128 MB of system RAM"
Coming Soon, Online WinFE Training Program
A Quicker Way to the Shadow Volumes and Dealing with Win 8 VHDXs
Some Interesting WinFE Related Stuff I Found Online
Vote for the best book right away!
WinFE Course
Don't blame me...
WinFE online is done, except for a few little things
Digital Forensics Book of the Year!
New X-Tension: Up to 30GB min speeds on SSD drives!
Windows Forensic Environment - WinFE Online Course Now Available
WinFE course snafu
Keep up with WinFE on Twitter
X-Ways Forensics Online Training
Mini-WinFE has been updated
X-Ways Forensics Practitioner's Guide Online II
Thanks to Ken Pryor for his kind review of the WinFE online course
Last day of discounted X-Ways Forensics online course
Cool work at the Windows Triage Environment
Free WinFE course
SEARCH High-Tech Crime Trainers to Debut WinFE as a new topic
X-Ways MD5 Hash Manipulator
BlockHasher for XWF
WinFE Taught in Australia
C4All X-Tension for CETS users
Forensic Training with WinFE. Cool.
XWF II and III...
New version of X-Tension
USB Malware and WinFE
Workarounds to Workarounds (and some hints & reminders)
Image a Surface Pro using bootable UEFI WinFE
Updates to X-tension and Hash File Manipulator
Barely any updates to WinFE :(
C4All X-tension update
Is it worth the time to figure out WinFE?
More on Autopsy and WinFE
Another Discount on the XWF Guide at $37.96
Book Review: Windows Forensic Analysis Toolkit, 4th Edition
X-Ways Online Training Course
I had a blast presenting for ICAC at Microsoft
Tor is perfect! (except for the user....)
A little update coming for Mini-WinFE
Teaching Digital Forensics at the University of Washington
Libraries and the Tor Browser
Massive Government Surveillance - Not a new thing
RegRipper
The best part of writing a book is finishing the book.
What is this thing "privacy" you speak of?
Tech Talk Can Get You Lost in Lingo
Bio-hacked humans and digital forensic issues...
Books written by practitioners are many times better than those written by those who 'never done it'
Apple. Oranges. And Encryption.
Let's not go all Patriot Act on this Apple - FBI encryption thing.
Dude, just write the book.
The four corners of the Apple v FBI encryption debacle
Barking up the Encryption Tree. You're doing it wrong.
I'm just a Tor exit node! I'm just a Tor exit node!
When everyone's talking about it
DFIR Training
Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.
Even better, support DFIR Training at Patreon and get access to multiple online courses in digital forensics with included ebooks!
http://www.patreon.com/DFIRTraining